(Increasing Cross-Industry Threats) “The Cyber Why Newsletter” tries to cover one hack each week, the one most pertinent to readers. Due to sheer volume, this week they try something different and give the raw list of hacks they heard of (there are likely more). With the list including Boeing, Sumo Logic, Ace Hardware, LinkedIn, and Atlassian, hopefully the volume drops off quickly! A strong Cyber Program is essential.
🔹 Boeing (BA) Website Selling Parts, Software Hit With Cyberattack (Bloomberg) https://lnkd.in/gdN5jdBu
🔹 Hackers, Scrapers & Fakers: What's Really Inside the Latest LinkedIn Dataset (Troy Hunt) https://lnkd.in/g9DBiv_j
🔹 Ace Hardware hit in cyberattack, CEO confirms (The Register) https://lnkd.in/gbpYUFnH
🔹 Atlassian hit by Chinese state-linked hackers (afr.com) https://lnkd.in/g42CWDyK
🔹 Sumo Logic discloses security breach and recommends customers rotate credentials (securityaffairs.com)
🔹 Cyberattack takes down one of the largest mortgage lenders in the US (Tech Radar) https://lnkd.in/gR39Zf6q
#cyber #cyberthreats #cyberprogram #cyberprogrammanagement #cyberattack #hackers #riskmanagement #governance #compliance #compliancemanagement #regulatorycompliance #buckler
Buckler’s Post
-
(BUCKLER) Compliance work is never static, largely due to the ever-changing regulatory environment and constantly evolving risk landscape. Therefore, it is imperative for cybersecurity compliance professionals to stay informed of all the legislative updates that could have a direct impact on their organization’s operations.
𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬:
🔹 How do you know when Cyber Regulations change across those you must adhere to in Financial Services (SEC, FINRA, NYDFS, HIPAA, Reg-SP, etc.)?
🔹 How do you track and manage new Regulatory updates?
🔹 Do you effectively communicate any policy changes across your team?
🔹 Do you get reminders and tasks assigned so you don't forget key dates?
🔹 Who manages and assesses Vendor Risk annually?
Buckler covers all of the above for, and with, firms: either enabling them to DIY within the Buckler system if they have a CISO, CCO, or Operations team, or walking beside them, filling roles or tasks to ensure compliance. Along with the tools to fully support Cyber Programs and Vendor Risk Management using Open VRM, Buckler assists firms and agencies with value-added Services like Managed Cyber Programs, Training on Cyber Program Management, Managed Vendor Due Diligence, Outsourced CISO Services and more to get to full compliance. You're never alone in getting to final cybersecurity maturity.
#Buckler #OpenVRM #CyberCompliance #CyberProgram #VendorDueDiligence
-
(JDSUPRA) As compliance professionals, we work hard to create robust programs. But is this enough in a trade where we seek everyone’s adherence to our values?
🔹 How do we communicate about what we do?
🔹 Are we visible to the broader organization?
🔹 How do we leverage other functions—particularly leaders—to trickle down our message?
In this article, they provide insight and practical tips on how to effectively invest in communication and thus sell the critical mission to the broader organization to have a lasting cultural impact.
NOTE: This applies to both standard and cyber compliance. Leverage it as a proactive differentiator and a brand booster, and make it a profit center vs. just a cost center because of your positioning.
#Buckler #compliance #cybercompliance #cyberprogram #cybersecuritypriority https://lnkd.in/ehN5wyf8
How to sell ethics and compliance to your organization
jdsupra.com
-
(Dark Reading) More than one in three businesses (36%) have suffered cyberattacks costing more than $1 million in the past year, up from 27% the previous year. With generative AI (GenAI), attackers are creating more sophisticated, hard-to-detect threats, with deepfakes alone projected to cost $40 billion in 2027. As long as there's money to be made, criminals will continue to innovate fast. Staying the course and ahead of the competition will require security professionals and golfers alike to seize every edge, from technology to training.
🔹 Teamwork Is Critical
🔹 Fundamentals Matter
🔹 You Need a Full Bag of Clubs
🔹 Shooting Par Is Hard
🔹 The Best Make It Look Easy
Watching a pro golfer hit a perfect shot can make the game look simple, but anyone who's tried knows better. In cybersecurity, the best solutions are often the easiest, most seamless, and least disruptive for employees to use. The easier it is for employees to follow security protocols without interrupting their flow, the more secure your organization will be.
Visit Buckler for how to make Cyber Compliance & Vendor Due Diligence easy 🔗 https://buckler.app
#Buckler #cybersecurity #cyberprogram #securityprogram #FinancialServices https://lnkd.in/eWnHeVzu
What Cybersecurity Leaders Can Learn From Golf
darkreading.com
-
(NYDFS NOTICE) All DFS-Regulated Entities
Subject: Notice on Guidance to Address Cybersecurity Risks Arising from Artificial Intelligence
🔹 Today, the New York State Department of Financial Services (DFS or the Department) issued new guidance to help New York’s financial services sector understand and assess cybersecurity risks arising from artificial intelligence (AI).
🔹 The guidance outlines specific cybersecurity risks associated with the use of AI, controls that may be used to mitigate those risks, and how such controls can be improved with the use of AI. DFS has issued this guidance with careful consideration of the valuable feedback received from cybersecurity experts and other key stakeholders.
🔹 A copy of the guidance can be found on the Department’s website.
#NYDFS #Buckler #AI #cybersecurity #FinancialServices https://lnkd.in/dibWxA9Y
Industry Letters
dfs.ny.gov
-
(JDSUPRA) This TD Bank case is right up there with Siemens, Petrobras, Odebrecht, Goldman Sachs, and Volkswagen as some of the most basic violations of corporate law. All of the above cases involved bribery and fraud, and the Bank case involved a violation of the most basic requirement of the BSA and the most basic tenets of an anti-money laundering compliance program. Moreover, the Bank’s conduct was not 20 years ago or even 10 years ago: the conduct began in 2018, and the illegal conduct continued right up to this past year. What led to these failures?
Failures at the Top
🔹 For the Bank, it all started at the top, where the very senior executives at the Bank decreed that no additional funds would be made available for compliance, compliance updates, or new technological solutions designed to make fulfillment of compliance obligations more efficient. This funding strangulation was termed the “flat cost paradigm” across the Bank’s operations.
🔹 As a result, the Bank “willfully failed to remediate persistent, pervasive, and known deficiencies in its AML program, including (a) failing to substantively update its transaction monitoring system, which is used to detect illicit and suspicious transactions through the Bank, between 2014 and 2022 despite rapid growth in the volume and risks of the Bank’s business and repeated warnings about the outdated system.”
PRIORITIZATION NOTE: This is an AML and/or BSA type of standard compliance, which Buckler doesn’t cover. We do Cyber Compliance across Financial Services like SEC, FINRA, NYDFS, Reg-SP, etc. That said, it’s a good example of putting compliance (and the budget or resources towards it) in the back seat, hoping you never get reviewed or caught. With the number of breaches and incidents today, ransom attacks and more, one might think a priority would be put in this area. Cyber insurance requirements are driving priority also.
What if cyber was viewed as a “profit center” because it can save you X every year in possible ransom costs or regulatory fines?
#Buckler #cybercompliance #compliance #regulatorycompliance #FinancialServices https://lnkd.in/eg4K5A_X
TD Bank: Part 2 – When Profits Trump Compliance: A Recipe for Corporate Disaster
jdsupra.com
-
(Cybersecurity Dive) More than 4 in 5 CISOs believe their role needs to be split into two separate positions, as regulatory and financial risks consume a greater part of their job responsibilities, according to a report released Tuesday by Trellix and Vanson Bourne.
🔹 A majority of CISOs are calling for the job to be separated into a technical, hands-on-keyboard security role and another position that focuses on regulatory compliance and boardroom disclosure.
🔹 Regulatory changes from the Securities and Exchange Commission and other bodies have been a mixed blessing for CISOs, according to Harold Rivas, CISO at Trellix.
NOTE: What if there was a tool that MASSIVELY eased that regulatory burden, making the CISO job much easier and more manageable, and it could even be outsourced as needed? Visit Buckler https://lnkd.in/gRRBMekR
#Buckler #CISO #compliance #regulatorycompliance #FinancialServices https://lnkd.in/gRRBMekR
Majority of global CISOs want to split roles as regulatory burdens grow
cybersecuritydive.com
-
(BUCKLER) Line of Sight Across Cyber Regulations - In a recent discussion, the value of Buckler was brought up by someone as it relates to providing deep visibility into cybersecurity regulations and policies in many different areas.
Definition: Line of sight (LOS) is an imaginary line that connects an observer to a target or subject of interest. It can also refer to the direction a person looks to see an object.
The LOS Buckler provides for firms and agencies comes through different lenses, since we interact with many different sources to create recommended policies and procedures like those below:
🔹 SEC, FINRA, NYDFS, NAIC, HIPAA, Reg-SP Regulations, laws, alerts, etc.
🔹 Policies of large Enterprises and how they approach cybersecurity
🔹 Vendor-specific policies that go into Open VRM (FREE for both Clients and Vendors to use across Financial Services)
🔹 RIAs of all different AUM sizes
🔹 Broker-Dealers
🔹 Insurance Brokers, Agencies, Companies, again of all sizes
🔹 Working with Insurers that provide Cyber Insurance
🔹 Continuous market feedback
🔹 Advisory Board feedback (industry experts and knowledge leaders)
🔹 Keeping a continuous pulse on updated Regulations and more
As Buckler sees these things frequently, we can compare them and understand best practices that get used by different types and sizes of firms or regulators. Buckler then applies that logic toward cybersecurity policies and building a comprehensive program. As such, value builds exponentially for CISOs, Security Teams, CCOs and Operations teams using the system. This isn't just a Cyber Program or Vendor Risk Management that users get in the end. The toolkit leveraged offers industry comparables that are in essence built (baked) into the system and integrated as best practices that others benefit from; each user, firm or agency using Buckler builds on that value from those that went before them. Although a firm’s policies stay private, the learning behind them increases in value. It's a complete Win/Win!
#Buckler #OpenVRM #CyberProgram #cybercompliance #FinancialServices
-
(Cybersecurity Dive) Security and IT executives, more than a year after an SEC vote on incident disclosure, still face an uphill battle to articulate risk strategy.
Dive Brief:
🔹 Significant gaps exist between perceptions of cyber resilience among top security executives and C-suite leadership, according to a report published last week by PwC.
🔹 More than two-thirds of technology leaders see cybersecurity as their top risk for mitigation, compared with only 48% of business leaders, according to the 2025 Global Digital Trust Insights report. The research is based on a survey of more than 4,000 business and technology executives across 77 countries.
🔹 Less than half of executives said their CISOs were heavily involved in strategic planning, reporting to the board and overseeing technology deployment. In addition, there is a gap between CISOs and top C-suite executives over the company’s ability to comply with regulations, particularly those involving AI and critical infrastructure.
NOTE: Even small firms must designate a CISO according to regulations. That said, the communication and prioritization of the value of cybersecurity, strong cyber programs and meeting regulations is still not always leveraged proactively as a business value component.
#Buckler #OpenVRM #cybersecuritystrategy #cyberprogram #compliance https://lnkd.in/e3kpGadm
CISOs, C-suite remain at odds over corporate cyber resilience
cybersecuritydive.com
-
(DarkReading) Imagine a vast and invisible army silently infiltrating your organization's digital defenses. No, this isn't the plot of a sci-fi thriller; it's the reality of non-human identities (NHIs) in today's cybersecurity landscape.
The Scale of the Problem
🔹 Consider this: For every 1,000 human users in your organization, you likely have 10,000 non-human connections or credentials. Some estimates suggest the ratio could be as high as 45-to-1. These NHIs include service accounts, system accounts, API keys, tokens, and other forms of machine-based authentication that facilitate the complex web of interactions in our modern digital ecosystem.
#Buckler #CyberPosture #CyberProgram #CyberCompliance #compliance https://lnkd.in/etGR5UqM
The Invisible Army of Non-Human Identities
darkreading.com
-
(BUCKLER) … Buckler was created because cybersecurity is not a once-and-done game. It's ongoing: regulations get updated, responsibilities change, types of threats change, and thus your Cyber Program and Vendor Due Diligence must also change, adapt and grow with the shifting landscape. Buckler facilitates that process to stay cyber compliant in a fraction of the time, so you are exam-, breach- and cyber insurance-ready! Visit https://buckler.app/
#Buckler #OpenVRM #RIAs #BrokerDealers #Insurance